Awareness & Understanding
In this first unit, let’s explore the role of cybersecurity as a key element of farm business management by going through common cybersecurity threats and identifying how these threats impact different farm businesses and agricultural sectors.
Common Cybersecurity Threats to Agricultural Producers
Agriculture is key to Canadian prosperity and wellbeing, but it is facing a variety of challenges and threats. Farmers, as business people and entrepreneurs, are also at the front lines of maintaining strong and resilient rural communities.
Like other critical infrastructures, the agri-food sector is becoming a growing target for malicious cyber exploits (or ‘cyberattacks’). Humans - through everyday errors, or susceptibility to behavioural manipulation - are often the weakest link from a cybersecurity perspective. At the same time people can also be the greatest strength when there is awareness and basic ‘cyber hygiene’ practices in place.
New technologies to address the food system challenges of the 21st century
In 🚜Module 2: Data in Agriculture we looked at the wide range of types of agriculture data. As a part of that, we also encountered a wide range of digital technologies that are used to create, collect and manage data. Before we start thinking about potential cybersecurity threats, let’s review a few different types of on-farm digital technologies:
- Wireless sensor networks: Soil moisture, animal movement and animal health
- Industrial control systems, autonomous and semi-autonomous equipment, robotics: GPS controlled seeding and harvesting equipment, environmental control systems in livestock barns, robotic milking parlours; irrigation systems, UAVs (drones)
- Decision support systems: Precision agronomy software, farm information management systems (FIMS)
- Supply chain, logistics and agricultural inputs: Supplier deliveries and transactions, shipping, food traceability
Three things to keep in mind:
1. The agri-food sector is diverse. Individual farms will face different challenges depending on their production, network, and on-farm technology.
2. Cyber incidents can result in loss of sensitive data, impair automated processes, and prevent equipment or systems from operating.
3. Where malicious exploits or accidents interrupt the data flow, any connected, dependent, processes and devices may be impacted. This can look like:
- Immediate harm in the case of ransomware attacks on environmental control systems in livestock operations
- Longer-term damage to productivity and profitability in the case of irrigation, or waste and environmental monitoring systems.
The US Department of Homeland Security (DHS) analyzed cybersecurity threats in farming in 2018 , and many of its warnings apply to Canada too.
- Cyber interruptions to positioning, navigation and timing (PNT) systems may occur. The loss of access to the GPS guidance signals used across a number of precision agriculture applications could disrupt productivity at a wide scale.
- Extended down-time for precision seeding equipment during critical planting windows can lead to lower crop density with resulting impacts on productivity and profitability.
- Bandwidth limits in agricultural communities and patchwork communication systems create network weaknesses that can be exploited to disrupt various information communications technology (ICT) functions in the supply chain.
- Foreign access to unmanned aerial system (UAS) data is a risk. If large UAS datasets can be aggregated, they can reveal vulnerabilities that can be exploited for political and commercial purposes. Near real-time aerial sensing data may also be exploited to image targets as a prelude to a range of potential malicious exploits.
- Access to precision agriculture equipment hardware and software through built-in backdoors or malicious hacks could be used to remotely disable a range of agricultural operations, in bulk, during critical periods. A book by cybersecurity reporter Nicole Perlroth assessed that with the growing digital basis of critical infrastructures, and with more potential points of attack, “the potential for sabotage has never been greater”.
Supply Chain 'Choke-Points'
As an example, let’s take a look at Canada’s beef supply chain, which has particular vulnerabilities related to the concentration of key processes.
As the figure below shows, at one end of the supply chain are large numbers of small-scale producers and at the other end are many wholesalers and retailers. The number of key players shrinks rapidly, as livestock moves from primary producers to finishing operations to a very small number of processing operations. At the same time, the level of dependence on technology increases.
Disruptions involving these supply chain ‘choke-points’ would have significant knock-on impacts throughout the beef supply chain. Because of the key role these choke-points play within the agri-food system, these locations represent key attack points for those seeking to cause massive disruptions to critical infrastructures and the people and processes they serve.
Of course, it isn’t just a cyberattack that causes this kind of damage to your farm. Sensor malfunctions resulting from equipment flaws, environmental conditions damage (e.g. dust or moisture) can also cause damage. If we take an example from a livestock operation, this could compromise the environmental control systems, or animal health disease monitoring systems, potentially leading to catastrophic livestock losses or even public health events.
Some questions for reflection:
Do you, or anyone you know, use a significant number of digital agriculture technologies on their farm? What are they used for?
Did you receive any training from the vendor(s) in how to use these technologies more securely? What did this involve?
Have you ever had a business interruption related to a breakdown of any of these technologies? How did this happen and what did you do to manage?
“There are two types of precision agriculture systems – those that have been hacked and those that will be.”
This doesn’t mean that these technologies aren’t useful, or safe, or that your operation definitely will be attacked. But it does mean that no technology is 100% secure. And there are things that can be done to make it less likely that any piece of digital farm equipment – or an entire networked system – will be attacked successfully.
First, let’s look at the basic kinds of cybersecurity threats.
Basically, cybersecurity is about being able to protect against and recover from incidents compromising your digital technologies. A traditional starting point for understanding cybersecurity draws from the information security management (ISM) concepts of confidentiality, integrity and availability (CIA) which are key to being resilient .
Achieving CIA through information security involves protecting information - both electronic and paper formats - and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Confidentiality is about ensuring that information is not accessible to unauthorized people, organizations or processes. Privacy is often considered a part of confidentiality.
Integrity is achieved when information is accurate and complete. Any changes or additions to the data are done intentionally by authorized users. Integrity can be disrupted if an authorized party accesses your data or a technical malfunction .
Availability is assured when data, and all of the systems that handle and safeguard it, are ready to do work and perform their expected functions for authorized users.
Now that we've gone through some common cybersecurity threats, let's test out your understanding in a short quiz!
Next: 💢Developing Threats
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License .